CLAIMS 

1. A method for authorizing access by remote entities to logical units provided by a 
mass storage device comprising: 

providing an access table that includes entries that each represents authorization of a 
particular remote entity to access a particular logical unit; 

providing a supplemental access table that includes entries that each represents 
authorization of a particular control device logical unit to access a particular logical unit; and 

when a remote entity requests execution of an operation directed to a specified 
control device logical unit and involving one or more additional specified logical units, 

authorizing the request for execution of the operation only when an entry 
currently exists in the access table that represents authorization of the remote entity to access 
the specified control device logical unit and, for each of the one or more additional specified 
logical units, an entry exists in the supplemental access table that represents authorization of 
the specified control device logical unit to access the additional specified logical unit. 

2. The method of claim 1 wherein the mass storage device includes ports through 
which requests from remote entities are received, and wherein authorizing a request for 
execution is carried out by a controller within the mass storage device. 

3. The method of claim 2 wherein the access table includes entries each comprising: 
an indication of a logical unit or control device logical unit; 

an indication of a port; and 

an indication of a remote entity. 

4. The method of claim 2 wherein the supplemental access table includes entries each 
comprising: 

an indication of a control device logical unit; and 
an indication of a logical unit. 


5. The method of claim 2 wherein the mass storage device is a disk array and remote 
entities are remote computers interconnected with the disk array via a communications 
medium. 

6. An authorization system for authorizing access by remote entities to logical units 
provided by a mass storage device comprising: 

a request detecting component that detects requests for execution of an operation 
generated by a remote entity; 

an access table that includes entries that each represents authorization of a particular 
remote entity to access a particular logical unit; 

a supplemental access table that includes entries that each represents authorization of 
a particular control device logical unit to access a particular logical unit; and 

control logic that authorizes a request made by a remote entity, detected by the 
request detecting component, directed to a specified control device logical unit and involving 
one or more additional specified logical units only when an entry exists in the access table 
that represents authorization of the remote entity to access the specified control device logical 
unit and, for each of the one or more additional specified logical units, an entry exists in the 
supplemental access table that represents authorization of the specified control device logical 
unit to access the additional specified logical unit. 

7. The system of claim 6 wherein the mass storage device includes ports through which 
requests from remote entities are received, and wherein the control logic resides within the 
mass storage device. 

8. The system of claim 7 wherein the access table includes entries each comprising: 
an indication of a logical unit or control device logical unit; 

an indication of a port; and 

an indication of a remote entity. 
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9. The system of claim 7 wherein the supplemental access table includes entries each 
comprising: 

an indication of a control device logical unit; and 
an indication of a logical unit. 

10. The system of claim 7 wherein the mass storage device is a disk array and remote 
entities are remote computers interconnected with the disk array via a communications 
medium. 


